Ajout architecture multi-arch

2025-12-04 11:08:55 +01:00
parent 2080559f46
commit d04d1748d3
10 changed files with 785 additions and 4 deletions
--- a/web-gateway/chart/rdp-web-gateway/examples/traefik-middlewares.yaml
+++ b/web-gateway/chart/rdp-web-gateway/examples/traefik-middlewares.yaml
@@ -0,0 +1,71 @@
+# Recommended Traefik Middlewares for RDP Web Gateway
+# Apply these in your Traefik namespace or the same namespace as web-gateway
+
+---
+# Redirect HTTP to HTTPS
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: redirect-to-https
+spec:
+  redirectScheme:
+    scheme: https
+    permanent: true
+
+---
+# Security Headers
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: security-headers
+spec:
+  headers:
+    browserXssFilter: true
+    contentTypeNosniff: true
+    forceSTSHeader: true
+    frameDeny: true
+    stsIncludeSubdomains: true
+    stsPreload: true
+    stsSeconds: 31536000
+    customFrameOptionsValue: "SAMEORIGIN"
+    customResponseHeaders:
+      X-Forwarded-Proto: "https"
+      # Allow WebSocket upgrade
+      Connection: "upgrade"
+      Upgrade: "$http_upgrade"
+
+---
+# Rate Limiting (adjust as needed)
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: rate-limit
+spec:
+  rateLimit:
+    average: 100
+    burst: 50
+    period: 1s
+
+---
+# IP Whitelist (optional - restrict to specific IPs/ranges)
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: ip-whitelist
+spec:
+  ipWhiteList:
+    sourceRange:
+      - 192.168.1.0/24
+      - 10.0.0.0/8
+    # For use behind a proxy/load balancer
+    ipStrategy:
+      depth: 1
+
+---
+# Compression
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: compression
+spec:
+  compress: {}